Ask a Question
Question everything. Help others. Impart wisdom
Web Application Firewall Module: Ideally we want it so that every 200 response does not indicate a fail. Since we return 200 for every request, good or bad... what are our options? ... returning a 200 error doesn’t provide the value we want from the Cymulate tool
Hi all! We observe in our agents the Cymulate Watchdog process (configured on install to run every 5 minutes) showing a lot of execution errors, and it may be having an impact mainly on Windows Servers, where the agent only runs if some user is logged in. The event viewer error says that a config file, "CymulateWatchDog.deps.json", is missing, and we couldn't find any mention of it on the forum or help center. Although Windows Server was mentioned in this example, this behavior (Watchdog unsuccessful) appears to occur with Unix (Linux/macOS) systems too. About this case: - How could we repair this watchdog behavior? Is there some example of "CymulateWatchDog.deps.json" settings? - After repairing the watchdog, will it be effective with the agent up without a user staying logged on to the server? Regards, Uiliam Mello
Hi Hatters! I believe that setting benchmarks to assess your organization’s security posture vs. other organizations is important to understand issues that are crossing regions, industries and more, and prioritize focuses to align your security posture with industry standards. Having said that, there’s a lack of data visibility into security posture trends and it’s hard to find a single source of truth which is normalized and clarified for instant use. So, I wanted to ask: What kind of security benchmarks are you setting and tracking today? What are these benchmarks’ parameters? (by region, by industry, by organization’s size etc.) Which data sources are you using to create the benchmark? Are you using any regulatory/standardized frameworks for benchmarks? Thank you!
The agents installed on the machines have been installed as local administrator. When logging off, they will stay connected to the cloud system for about 5 minutes and then disconnect. The agent then has to be restarted once logged back in to the system. The application has been whitelisted. I am looking for any additional troubleshooting techniques to try.
Hi all, As part of a product discovery process we’re at, we wanted to ask our amazing community - what kind of dashboards are currently implemented in your security posture management routine? Which data sources are you fusing into these dashboards? On which platform do you implement these dashboards? (Splunk, Tableau, PowerBI, other tools) Thank you!
We are heavily invested in AWS EC2, and we would like to maximize our usage with Cymulate. We are looking for specific assessments and scenarios we can run to reduce risks that arise from misconfiguration in the cloud, such as inadequate access restrictions, unencrypted private data (e.g. credentials), AWS AMI patching, secured lambda coding, etc. Can you please assist?
Hi all, I am reaching out regarding a major issue we've been hearing about recently. Though it's not new and has been around for a couple of years, it is of vital importance and has become a "standard" bad practice. Organizations allow direct traffic to ANY and from AWS S3 buckets without analyzing, sanitizing or blocking it by web filters etc., potentially exposing the organization to all sorts of attacks. A few words for those of you who don’t know exactly what AWS S3 buckets are. These are AWS Simple Storage Service (S3) and, according to Amazon, S3 is commonly used to “store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics”. At a high level, S3 consists of “buckets” and “objects”, in which objects are files that are stored in a bucket. Due to the functionality of this service various users at an organization (IT, Dev, Sales, Finance etc.) require it
Morning. We have a customer who needs to place the lateral movement requirement in their ESET endpoint solution. HOWEVER, ESET requires both an application AND APPLICATION PATH to set an exemption (you can't exempt based solely on the application name). How can this be achieved? File Name: CymulateLM.exe MD5: 7e1c9df044bcafe8e5a4372793985368 SHA-256: db5f25b745f701d905d5d6f3979f9d4aec2ae22ad8f5bb66c428324b5e25b0a4 SHA-1: 18076280e739af9c4c8c93ef99e6a20777c80ff5 Thanks.
Most organizations have their MISP infra to gather open source intelligence, integrated with Security Orchestration, Automation and Response to block the threat, but there is no way to vet the IOCs provided by MISP. How can we make use of Cymulate to: Check reachability to the IOCs gathered from the OSINT? Check data exfiltration capability through the said IOCs? Check reputation of the said IOCs, gathered through and exchanged anonymously within the network of Cymulate and simultaneously being vetted across the various industries after their consent to exchange threat data? Types of IOC to be vetted: IP; IP and port combination; email
Hey Community! For those who didn’t notice, OWASP is now updating its Top 10 project (didn’t happen for 4 years): https://owasp.org/Top10/ They have changed the order, merged some categories with others and created some new categories. It is also interesting to see that for the first time there’s a focus on CI/CD security. The number 10 (new) category is SSRF, which was recently added as an attack category in the Cymulate WAF module – check it out.
I am trying to set up the AVM inside Cymulate. Below you will see what I have done thus far... I have gone into Cymulate’s Integration and selected Edit on the InsightVM Integration Module, and my email & password auto-filled. Https://###.###.###.###:3780/ is the IP address format that I inputted from my on-prem InsightVM’s console. I have one agent deployed. I logged into my VPN on this device for it to find this system on the domain. I still was not successful in connecting the VM back to Cymulate’s AVM. What can I do to get this API connection resolved?
I have what might be a quick question, but I want to be able to run the entire backlog of known attacks; how can I queue those up? Also, when a new threat assessment is run, how can I get the system to send an automatic email with the report? Lastly, I had a system that went offline for an extended period, and I saw no notices that the automatic testing had no agent to run against.
Dear community members, I’m interested to learn about useful dashboards that you have developed in your environment (in Splunk for instance) that provide significant insights as to the effectiveness of the various controls that are assessed in the Hopper module. I’m interested in seeing useful examples of insights based on consolidated Hopper reports (of multiple assessments). Eagerly waiting to learn from you! Michael
Having a mitigation assurance process is important for focusing engineering efforts and efficiently keeping up with the organizational security posture program. How do you currently assure findings from various assessments are properly mitigated by your engineering teams?